
Securing Cloud Server & Data Access With Multi-Authorities

Chapter 1
INTRODUCTION
1.1 Overview
Cloud computing describes applications that are extended to be
accessible through the Internet. These cloud applications use large data
centers or cloud data storage (CDS) and powerful servers that host Web
applications and Web services. Anyone with a suitable Internet connection
and a standard browser can access a cloud application. Cloud computing
consists of multiple cloud computing service providers (CSPs). In terms of
software and hardware, a cloud system is composed of many types of
computers, storage devices, communications equipment, and software
systems running on such devices.
Cloud storage is composed of thousands of storage devices clustered
by network, distributed file systems and other storage middleware to provide
cloud storage service for cloud users. The typical structure of cloud storage
includes storage resource pool, distributed file system, service level
agreements (SLAs), and service interfaces. Globally, these components can be divided
by physical and logical functional boundaries and relationships to provide
greater compatibility and interaction. Cloud storage tends to be combined
with cloud security, which will provide more robust security [1].
Cloud storage is an important service of cloud computing [1]. It allows data owners to
host their data in the cloud that provides 24/7/365 data access to the users (data consumers).
Data access control is an effective way to ensure the data security in the cloud. However, cloud
storage service separates the roles of the data owner from the data service provider, and the data
owner does not interact with the user directly for providing data access service, which makes the
data access control a challenging issue in cloud storage systems. Because the cloud server cannot
be fully trusted by data owners, traditional server-based access control methods are no longer
applicable to cloud storage systems.

Dept of ISE, SJCE, Mysore

2013-2014

1.2 Existing System
To prevent the untrusted servers from accessing sensitive data, traditional methods
usually encrypt the data and only users holding valid keys can access the data. These methods
require complicated key management schemes and the data owners have to stay online all the
time to deliver the keys to new users in the system. Moreover, these methods incur high storage
overhead on the server, because the server should store multiple encrypted copies of the same
data for users with different keys. Ciphertext-Policy Attribute-based Encryption (CP-ABE) [2],
[3] is regarded as one of the most suitable technologies for data access control in cloud storage
systems, because it gives the data owner more direct control on access policies and does not
require the data owner to distribute keys.
In a CP-ABE scheme, there is an authority that is responsible for attribute management and
key distribution. The authority can be the registration office in a university, the human resource
department in a company, etc. The data owner defines the access policies and encrypts data under
the policies. Each user will be issued a secret key according to its attributes. A user can decrypt
the cipher text only when its attributes satisfy the access policies.
Extensive research has been done for single authority systems [2]–[6]. However, in cloud
storage systems, a user may hold attributes issued by multiple authorities and the owner may
share data with users administered by different authorities. For instance, a data owner may want
to share medical data only with a user who has the attribute "Doctor" issued by a hospital and
the attribute "Medical Researcher" issued by a medical research center. Although some
multi-authority CP-ABE schemes [7]–[10] have been proposed for data encryption, they cannot
be directly applied to data access control for multi-authority cloud storage systems, because
they either require a global central attribute authority to manage all the attributes across different
organizations or lack efficiency.

Existing System Disadvantages

The data owner is not directly involved in the interaction with the user.

The cloud server cannot be fully trusted by data owners so traditional server-based access
control methods are no longer applicable to cloud storage systems.

Cloud security is a tractable problem. There are both advantages and challenges.

1.3 Proposed System


The aim of this project is to study the data access control issue in multi-authority cloud
storage systems. One critical requirement in the design of access control schemes is the
efficiency in computation. There are two operations in access control that require efficient
computation, namely decryption and revocation. Users may use their smartphones to access
the data in today's cloud storage systems, but the computing power of smartphones is not as
strong as that of PCs. Thus, decryption by each user should be as efficient as possible in the
design of data access control schemes. When a user is demoted or leaves the system, some
attributes should be revoked from this user.
In this project, we first construct a new multi-authority CP-ABE scheme with efficient
decryption and design an efficient attribute revocation method for it. Then, we apply them to
design an effective access control scheme for multi-authority systems. The main contributions of
this work can be summarized as follows.
1) We propose a Third Party Auditor (TPA) which acts as a proxy server to safeguard the cloud
server.
2) We construct a new multi-authority CP-ABE scheme with efficient decryption.
Specifically, we outsource the main computation of the decryption by using a token-based
decryption method.
3) We also design an efficient immediate attribute revocation method for the multi-authority
CP-ABE scheme that achieves both forward security and backward security. It is efficient in the
sense that it incurs less communication cost and computation cost for the revocation.
Proposed System Advantages

This project will provide security to cloud servers as well as the data in the cloud server.

This project uses a Third party auditor (TPA) which acts as a proxy server to safeguard
the cloud server.

This project gives security to the data uploaded by the data owner when a user is changed,
by revoking the attributes of those users who are using that particular data.

This project allows the user to access multiple data belonging to different fields/sector without
much fuss from the data owner or the cloud server if the user is registered.

1.4 Organization of the Report


This project thesis gives an overall view of the design and development of a multi-authority cloud
storage system. The main body of the thesis is preceded by a detailed table of contents, lists of
figures, tables, and a glossary, followed by the units used in the report, and is followed by appendices
which contain the screenshots. The body of the thesis is divided into 9 chapters.

Chapter 1 gives a brief introduction to cloud storage and data access in cloud
systems.

Chapter 2 contains the literature survey, which presents a review of
existing literature on securing cloud servers and data access with multiple
authorities.

Chapter 3 is the Software Requirement Specification, which explains the user
characteristics, assumptions and dependencies, constraints and functional requirements of
the system.


Chapter 4 is about High Level Design which explains the architectural strategies, system
architecture, component interfaces and flow of data in the system with the help of Data
Flow Diagrams (DFD).

Chapter 5 is about Detailed Design which focuses on the major modules and their
respective class diagrams and state diagrams. It explains the key components of the
framework by providing a functional description of the modules.

Chapter 6 covers Implementation, which explains the programming language,
development environment, and code conventions followed during implementation of the
project. This chapter also sheds light on the difficulties encountered in the course of
implementing the project and the strategies used to tackle them.

Chapter 7 gives Software Testing which explains the test environment and briefly
explains the test cases which were executed during various testing.

Chapter 8 explains Experimental results which give the outcome of the work carried out
and evaluation criteria on which the project is based.

Chapter 9 is the Conclusion, which gives an overall description of the project carried out and
also brings out the limitations of the project and future enhancements.


Chapter 2
Literature Survey

A literature survey is carried out mainly to analyze the background of the current
project, which helps to find flaws in the existing system and indicates which unsolved
problems can be worked on. The following topics therefore not only illustrate the background of the project
but also uncover the problems and flaws that motivated us to propose solutions and work on this
project. The purpose of this study is to provide background information on the issues to be
considered in this thesis and to emphasize the relevance of the present study.
2.1 Related Work
Cryptographic techniques are well applied to access control for remote storage systems
[17]–[19]. Traditional public key encryption (PKE) based schemes [20], [21] either incur
complicated key management or produce multiple copies of encrypted data with different
users' keys. Some methods [22], [23] hand key management and distribution over from the data
owners to the remote server under the assumption that the server is trusted or semi-trusted.
However, the server is not fully trusted in cloud storage systems and thus these methods cannot
be applied to access control for cloud storage systems.
Attribute-based Encryption (ABE) is a promising technique that is designed for access
control of encrypted data. After Sahai and Waters introduced the first ABE scheme [24], Goyal et
al. [25] formulated ABE into two complementary forms: Key-Policy ABE (KP-ABE) and
Ciphertext-Policy ABE (CP-ABE). A number of works have used ABE to realize fine-grained
access control for outsourced data [15], [26], [27]. In these schemes, a single trusted authority is
used to manage the attributes and issue keys. However, in real storage systems, the authority can
fail or be corrupted, which may leak the data since the authority can decrypt all the encrypted
data. Moreover, the authority may become the performance bottleneck in large-scale cloud
storage systems.



Some new cryptographic methods have been proposed for the multi-authority ABE problem
[7]–[10], [28], [29]. Chase [7] proposed a solution that introduced a global identifier to tie users' keys
together. The proposed scheme also relies on a central authority to provide a final secret key to
integrate the secret keys from different attribute authorities. However, since the central authority
would be able to decrypt all the ciphertexts in Chase's scheme, the central authority would be
a vulnerable point for security attacks and a performance bottleneck for large-scale systems.
Another limitation of Chase's scheme is that it can only express a strict "AND" policy over a
pre-determined set of authorities. To improve Chase's scheme, Muller et al. [8] proposed a
multi-authority ABE scheme that can handle any expression in an LSSS access policy, but it also
requires a centralized authority. Chase et al. [9] also proposed a method to remove the central
authority by using a distributed PRF (pseudo-random function). But it has the same limitation to
a strict "AND" policy of pre-determined authorities. Lin et al. [28] proposed a decentralized
scheme based on a threshold mechanism. In this scheme, the set of authorities is pre-determined
and it requires interaction among the authorities during system setup. This scheme can
tolerate collusion attacks for up to m colluding users, where m is a system parameter chosen at
setup time. In [10], Lewko et al. proposed a new comprehensive scheme, which does not require
any central authority. It is secure against any collusion attacks and it can process an access
policy expressed as any Boolean formula over attributes. However, their method is constructed in
composite order bilinear groups that incur heavy computation cost. They also proposed a
multi-authority CP-ABE scheme constructed in a prime order group, but they did not consider attribute
revocation.
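As an added illustration (not code from this report or from the authors of the cited schemes), the sketch below builds the kind of LSSS access policy mentioned above for the Section 1.2 example, "Doctor" issued by a hospital AND "Medical Researcher" issued by a research center, using the standard Lewko-Waters formula-to-matrix conversion. The `attribute@authority` labels, the function names and the 127-bit toy field are assumptions; shares are handed out in the clear here, whereas a real CP-ABE scheme hides them in group exponents and binds keys to a user identity, so collusion resistance is not modelled.

```python
import secrets

P = 2**127 - 1  # prime modulus of the toy field (a Mersenne prime)

# Constructed policies; leaves are "attribute@authority" labels (naming is an assumption).
MEDICAL = ("AND", "Doctor@Hospital", "MedicalResearcher@ResearchCenter")
ACADEMIC = ("OR", "Faculty@University",
            ("AND", "PhDStudent@University", "QualsCompleted@University"))


def policy_to_lsss(policy):
    """Turn a nested AND/OR policy into an LSSS matrix, one row per leaf."""
    rows, labels = [], []
    width = 1  # current vector length (the counter c in the conversion)

    def walk(node, vec):
        nonlocal width
        if isinstance(node, str):      # leaf: emit a row for this attribute
            rows.append(vec)
            labels.append(node)
            return
        op, left, right = node
        if op == "OR":                 # each child inherits the parent vector
            walk(left, vec)
            walk(right, vec)
        elif op == "AND":              # children's vectors sum to (vec | 0)
            padded = vec + [0] * (width - len(vec))
            left_vec, right_vec = padded + [1], [0] * width + [-1]
            width += 1
            walk(left, left_vec)
            walk(right, right_vec)
        else:
            raise ValueError(f"unsupported gate: {op}")

    walk(policy, [1])
    return [r + [0] * (width - len(r)) for r in rows], labels


def share_secret(rows, secret):
    """Row i receives the share <row_i, (secret, r2, ..., rn)> mod P."""
    v = [secret % P] + [secrets.randbelow(P) for _ in rows[0][1:]]
    return [sum(a * b for a, b in zip(row, v)) % P for row in rows]


def solve_mod(A, b, p):
    """Solve A w = b over GF(p); return one solution, or None if none exists."""
    n_rows, n_cols = len(A), len(A[0])
    M = [[x % p for x in row] + [bv % p] for row, bv in zip(A, b)]
    pivots, r = [], 0
    for c in range(n_cols):
        pr = next((i for i in range(r, n_rows) if M[i][c]), None)
        if pr is None:
            continue                   # free column, coefficient stays 0
        M[r], M[pr] = M[pr], M[r]
        inv = pow(M[r][c], -1, p)
        M[r] = [x * inv % p for x in M[r]]
        for i in range(n_rows):
            if i != r and M[i][c]:
                f = M[i][c]
                M[i] = [(x - f * y) % p for x, y in zip(M[i], M[r])]
        pivots.append(c)
        r += 1
        if r == n_rows:
            break
    if any(row[-1] for row in M[r:]):  # 0 = nonzero: target not in the row span
        return None
    w = [0] * n_cols
    for i, c in enumerate(pivots):
        w[c] = M[i][-1]
    return w


def reconstruct(rows, labels, shares, held):
    """Recover the secret from the shares of held attributes, else None."""
    idx = [i for i, a in enumerate(labels) if a in held]
    if not idx:
        return None
    width = len(rows[0])
    # Find w with sum_i w_i * row_i = (1, 0, ..., 0) over the held rows.
    A = [[rows[i][j] for i in idx] for j in range(width)]
    w = solve_mod(A, [1] + [0] * (width - 1), P)
    if w is None:
        return None
    return sum(wi * shares[i] for wi, i in zip(w, idx)) % P


def attributes_of(keys_by_authority):
    """Flatten {authority: {attribute, ...}} into 'attribute@authority' labels."""
    return {f"{a}@{aa}" for aa, attrs in keys_by_authority.items() for a in attrs}


if __name__ == "__main__":
    rows, labels = policy_to_lsss(MEDICAL)
    secret = secrets.randbelow(P)
    shares = share_secret(rows, secret)
    alice = attributes_of({"Hospital": {"Doctor"},
                           "ResearchCenter": {"MedicalResearcher"}})
    bob = attributes_of({"Hospital": {"Doctor"}})
    print("alice recovers secret:", reconstruct(rows, labels, shares, alice) == secret)
    print("bob recovers secret:  ", reconstruct(rows, labels, shares, bob) is not None)
```

Each matrix row belongs to exactly one authority's attribute, which is why a multi-authority scheme can let every AA issue key material for its own rows without a central party seeing the whole policy.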
There are a number of works about revocation in ABE systems in the cryptography
literature [2]–[6]. However, these methods either only support user-level revocation or rely on
the server to conduct the attribute revocation. Moreover, these attribute revocation methods are
designed only for ABE systems with a single authority. Ruj et al. [16] designed a DACC scheme
and proposed an attribute revocation method for Lewko and Waters' decentralized ABE
scheme. However, their attribute revocation method incurs a heavy communication cost since it
requires the data owner to transmit a new ciphertext component to every non-revoked user. Li et
al. [30] proposed an attribute revocation method for multi-authority ABE systems, but their
method is only for KP-ABE systems.

Green et al. [14] proposed two ABE schemes that outsource the decryption to the server.
In their schemes, the authority separates the traditional secret key into a user secret key and a
transformation key. However, their schemes are designed only for single authority systems
and do not support multi-authority systems. That is because each authority may generate
a different user secret key, such that the transformation keys cannot be combined together to
transform the ciphertext into a correct intermediate value.

2.2 Survey Papers


Cloud computing is one of the emerging technologies. The cloud environment is a large
open distributed system. It is important to preserve the data, as well as, privacy of users. Access
Control methods ensure that authorized users access the data and the system. This paper
discusses various features of attribute based access control mechanism, suitable for cloud
computing environment. It leads to the design of attribute based access control mechanism for
cloud computing [31].
Revocation is a vital open problem in almost every cryptosystem dealing with malicious
behaviors. In cipher text policy attribute based encryption, unlike traditional public key
cryptosystem, different users may hold the same functional secret keys related with the same
attribute set leading to additional difficulties in designing revocation mechanism. In this paper,
we propose the cipher text policy attribute based encryption scheme with efficient revocation
which can be proved secure in the standard model. Our construction uses linear secret sharing
and binary tree techniques as the underlying tools. In addition to assigned attribute set, each user
is also assigned with a unique identifier. Therefore, a user can be easily revoked by using his/her
unique identifier; on the other hand, the encryption and decryption algorithms of ABE (Attribute
Based Encryption) can be done without any involvement of these unique identifiers. Then, we
prove the chosen plaintext security of our construction based on Decisional Bilinear
Diffie-Hellman (DBDH) assumption in the standard model. Finally, we provide some discussion on the
efficiency of our scheme and the extensions including delegation capability and chosen cipher
text security [32].


Attribute-based encryption (ABE) is a new vision for public key encryption that allows
users to encrypt and decrypt messages based on user attributes. For example, a user can create a
cipher text that can be decrypted only by other users with attributes satisfying (Faculty OR
(PhD Student AND Quals Completed)). Given its expressiveness, ABE is currently being
considered for many cloud storage and computing applications. However, one of the main
efficiency drawbacks of ABE is that the size of the cipher text and the time required to decrypt it
grows with the complexity of the access formula. In this work, we propose a new paradigm for
ABE that largely eliminates this overhead for users. Suppose that ABE ciphertexts are stored in
the cloud. We show how a user can provide the cloud with a single transformation key that
allows the cloud to translate any ABE ciphertext satisfied by that user's attributes into a
(constant-size) El Gamal-style ciphertext, without the cloud being able to read any part of the
user's messages. To precisely define and demonstrate the advantages of this approach, we
provide new security definitions for both CPA and replayable CCA security with outsourcing,
several new constructions, an implementation of our algorithms and detailed performance
measurements. In a typical configuration, the user saves significantly on both bandwidth and
decryption time, without increasing the number of transmissions [33].
Some of the most challenging issues in data outsourcing scenario are the enforcement of
authorization policies and the support of policy updates. Ciphertext-policy attribute-based
encryption is a promising cryptographic solution to these issues for enforcing access control
policies defined by a data owner on outsourced data. However, the problem of applying the
attribute-based encryption in an outsourced architecture introduces several challenges with
regard to the attribute and user revocation. In this paper, we propose an access control
mechanism using cipher text-policy attribute-based encryption to enforce access control policies
with efficient attribute and user revocation capability. The fine-grained access control can be
achieved by dual encryption mechanism which takes advantage of the attribute-based encryption
and selective group key distribution in each attribute group. We demonstrate how to apply the
proposed mechanism to securely manage the outsourced data. The analysis results indicate that
the proposed scheme is efficient and secure in the data outsourcing systems [34].



It is secure for customers to store and share their sensitive data in the cryptographic cloud
storage. However, the revocation operation is a sure performance killer in the cryptographic
access control system. To optimize the revocation procedure, we present a new efficient
revocation scheme which is efficient, secure, and unassisted. In this scheme, the original data are
first divided into a number of slices, and then published to the cloud storage. When a revocation
occurs, the data owner needs only to retrieve one slice, and re-encrypt and re-publish it. Thus, the
revocation process is accelerated by affecting only one slice instead of the whole data. We have
applied the efficient revocation scheme to the cipher text-policy attribute-based encryption
(CP-ABE) based cryptographic cloud storage. The security analysis shows that our scheme is
computationally secure. The theoretically evaluated and experimentally measured performance
results show that the efficient revocation scheme can reduce the data owner's workload if the
revocation occurs frequently [35].

Chapter 3
Requirements Specification



A Software Requirements Specification (SRS) is a complete description of the behavior of
the system to be developed. It includes the functional and non-functional requirements for the
software to be developed. The functional requirements state what the software should do, and the
non-functional requirements state the constraints on the design or implementation of the system.
Requirements should be measurable, testable, and detailed enough to be sufficient for
system design.

3.1 Functional Requirements:


It must be able to authenticate and authorize each user before connecting to a particular
cloud.
It must provide cloud services to all the registered users.
It must allow users to register to associated attribute agents.
The attribute agent will have to give a secret key to registered users to decrypt the data
downloaded from the cloud.
The cloud server must generate the token to help the user to decrypt the data with its
global private key.
It must act as an interface between Owners, Users and Cloud servers.
It must help the owner to upload a single file to multiple cloud servers at the same
instances.
It must provide a proxy server in the name of TPA to safeguard the cloud server from
hackers.
It must be able to generate the secret key when uploading the data to cloud by the data
owner.
It must help the data owner to block the unauthorized user without giving secret key to
access the file.
It must evaluate and increase the performance and throughput of overall system.
3.2 Non-Functional Requirements:



Reliability: The developed project should be reliable on the Windows platform. This project shall
work properly in the background of other programs. Hence its reliability mainly depends
on where the data is captured from.
Availability: The developed project must be available for operation when the user intends to
use it. It should recover quickly from any possible errors generated by the system or by the
user.
Security: Security would be ensured through the role-based specification, that is, based
on the authorization of each client.
Maintainability: The developed project shouldn't corrupt or make any changes to the
background tools. Its maintenance should be the same as for other products and shouldn't
require any special software.
Performance: The cloud server and the data in the server must be secured
all the time.
3.3 System Requirements
System requirements comprise the physical requirements, i.e. hardware, and the logical
requirements, i.e. software. Hardware is the set of things which includes sensors,
computers, cables etc. Software requirements are the set of software tools that we require.
3.3.1 Software Requirement

Operating System: Microsoft Windows XP (or higher), Linux

IDE: Eclipse

Language: Core-Java

Software Packages: JDK 1.6

3.3.2 Hardware Requirement

Processor: 2.6 GHz 32bit Processor Windows 2003 Server, 1 GHz 32bit Processor
Windows XP Client

Chapter 4
High Level Design


Design is one of the important phases of any software development process. It conveys the
whole idea of the process in a diagrammatic way. Design mainly involves two forms of
representation:
1. High Level Design
2. Low Level Design
4.1 System Architecture

Fig 4.1 System Architecture

As shown in Fig. 4.1, the system model consists of six types of entities: a global
certificate authority (CA), the attribute authorities (AAs), the cloud server (server), the data
owners (owners), the data consumers (users) and the Third Party Auditor (TPA).
The CA is a global trusted certificate authority in the system. It sets up the system and
accepts the registration of all the users and AAs in the system. The CA is responsible for the
distribution of a global secret key and a global public key for each legal user in the system.
However, the CA is not involved in any attribute management or the creation of secret keys that
are associated with attributes.
Every AA is an independent attribute authority that is responsible for issuing, revoking
and updating users' attributes according to their role or identity in its domain. Each AA is
responsible for generating a public attribute key for each attribute it manages and a secret key for
each user associated with their attributes.
The cloud server stores the owners' data and provides data access service to users. It
generates the decryption token of a ciphertext for the user by using the secret keys of the user
issued by the AAs. The server also performs the ciphertext update when an attribute revocation
happens.
The data owners define the access policies and encrypt the data under the policies before
hosting them in the cloud. They do not rely on the server to do the data access control. Instead,
the ciphertext can be accessed by all the legal users in the system.
The Third Party Auditor (TPA) allows the user to view the files on the cloud server. It
also gives information about which file is stored on which server. The TPA provides security to the
cloud server so that an attacker may not attack the server and hack the data.

4.1.1 Level 0 System Architecture


Fig. 4.2 System Architecture (Level 0)

In the above diagram, we can see that the control agent plays a controlling role in this
project, and all users, cloud servers and owners need to register with this control agent to perform
their respective tasks. The control agent will have a third party auditor (TPA) who will display the file
list. The attribute is given to prevent unauthorised access, transactions or interaction with the
control agent.

4.2 Data Flow Diagram- High Level Design (Level 1)


A Data Flow Diagram (DFD) is a graphical representation of the "flow" of data through
an information system. Data Flow models are used to show how data flows through a sequence
of steps. At each step different processing takes place before moving on to the next stage. These
processing steps or transformations are program functions in DFDs.


Fig 4.3 Data Flow Diagram

Here we see the data flowing through the entire project. After the login process of all the users, cloud
servers and owners, the owner will upload a file, i.e., an encrypted file. The owner will encrypt the
data using a secret key known only to himself. The cloud server can be viewed by everyone, so to
avoid any hacking or trouble, we have created a TPA. The users can look at the TPA to find out which
files are on a particular cloud server. After that, the user will download the file from
the cloud server (encrypted file) and will ask the owner for permission to decrypt the file
(request for secret key). The owner will check the list of users logged in to verify whether
the requestor is authentic. After verification, if the user is valid, the owner will give permission to
decrypt the file.

4.3 Work Flow Diagram (High Level Design)



A Workflow Diagram is a simple form of Flowchart depicting the flow of tasks or actions
from one person or group to another. It typically consists of a set of symbols representing actions
or individuals connected by arrows indicating the flow from one to another. Different symbols
represent different aspects of the workflow. For example, a process is represented by a rectangle
while a diamond is used to depict a decision.

Fig 4.4 Work Flow Diagram

The work flow diagram shows how the project works from an external point of view. It is the step
by step method of executing the project. Here first the users log in, then the cloud servers, then the
owners. Then the file to be uploaded is selected, and the user will request the secret key to decrypt the
file downloaded from the cloud server, which will have been encrypted by the owner to protect his data.

Chapter 5

Low Level Design


Detailed design of a system gives us in-depth knowledge of most components described
in the protocol less approach application. In this section, a use case diagram of each module is
provided. The structure chart representation gives the control flow.
5.1 Module Specifications
I have divided this project into 5 modules. They are

Control agent module

User module

Owner module

Cloud module

Attribute module

Detailed description about each module is listed below along with the use case diagrams.
5.2 Use Case Diagram
In object-oriented methodology, the activities of the system are studied by the help of
use-case diagram and the whole task is divided into sub-tasks so that they can be implemented
individually and then integrated to form the whole system.
In software and systems engineering, a use case is a list of steps, typically defining
interactions between a role (known in UML as an "actor") and a system, to achieve a goal. The
actor can be a human or an external system. It is the fundamental feature of UML notation for
describing an object-oriented system model. In the simplest form, a use case identifies the type of
interaction and the actors involved.

Module 1: Control Agent


Input: User details, Owner details, Cloud details, File uploaded
Output: Control on entire operation

Fig 5.1 use case diagram for control agent

Details: The control agent will have the sole authority on every operation in this project. It will
look after the security of the data uploaded by the owner.
Module 2: User Module
Input: User name, IP address
Output: UID

Fig 5.2 Use case diagram for User Module

Details: The user must be able to log in and must get a user ID for future operation or
interaction with the cloud server and owner as well.



Module 3: Owner Module
Input: Owner IP address, Data to be uploaded, Secret key
Output: Encrypted data

Fig 5.3 use case diagram for Owner Module

Details: Owner will upload the file by encrypting it with a secret key.
Module 4: Cloud Module
Input: File received from owner
Output: Encrypted file to be downloaded

Fig 5.4 use case diagram for Cloud Module

Details: The cloud will just act as the intermediary between the owner and the user and it will
provide the security of the data uploaded.
Module 5: Attribute Module
Input: Attribute name, Sector name
Output: Attribute ID

Fig 5.5 use case diagram for Attribute Module

Details: The attribute will select the sector name and will help in the authentication of user log
in.

Chapter 6
Implementation
The implementation phase of software development is concerned with translating design
specification into source code. The primary goal of software implementation is production of
source code that is easy to read and understand. Source code clarity is enhanced by structural
coding techniques.

Class Diagrams
A class diagram in the Unified Modeling Language (UML) is a type of static structure
diagram that describes the structure of a system by showing the system's classes, their attributes,
operations (or methods), and the relationships among the classes. The class diagram is the main
building block of object-oriented modeling. It is used both for general conceptual modeling of
the systematics of the application and for detailed modeling, translating the models into
programming code. Class diagrams can also be used for data modeling. The classes in a class
diagram represent both the main objects and/or interactions in the application and the objects to
be programmed.
We have five important classes for which we have drawn the class diagrams. In these
class diagrams, we have listed the class name along with the important methods used and the
variables which play a vital role in making these classes work correctly.


Fig: Class Diagrams

Sequence Diagram

Chapter 7
Testing

Software testing is a predominant verification and validation technique. Testing
involves exercising the program using data like the real data processed by the program. The
existence of program defects is inferred from unexpected system outputs. Testing may be
carried out during the implementation phase, to verify that the software behaves as intended by
its designer, and after the implementation is complete.
Testing presents an interesting anomaly for the software engineer. During earlier steps in
design and implementation, the engineer attempts to build software from an abstract concept to a
tangible implementation. In testing, the engineer creates a series of test cases that are intended
to demolish the software that has been built. In fact, testing is the one step in the software
engineering process that could be viewed as destructive rather than constructive. Testing requires
that the developer overcome a conflict of interest that occurs when errors are uncovered.
Testing is an integral part of software development. The testing process, in a way, certifies
whether the product that is developed complies with the standards it was designed to meet.
The testing process involves building test cases against which the product has to be tested.
In some cases, one derives the test cases from the requirements of the product/software
which is to be developed. There are many methods available for verifying the code. Some
methods are static in nature; that is, they do not involve execution of the code. Examples of such
methods are data flow analysis, code reading and code reviews.
Goals of testing
Testing begins at the module level and works "outward" toward the integration of the entire computer based system.
Different testing techniques are appropriate at different points in time.
The developer of the software and an independent test group conducts testing.
Testing and debugging are different activities but debugging must be accommodated in any testing strategy.

6.1 Design of test cases


Normally, the testing phase is divided into different levels of testing. Each level of
testing aims to test different aspects of the system. The basic levels are:

Unit Testing
This is the most commonly used method of testing, in which we execute the code written
and try to identify any bugs or errors present in the code. This is the first level of testing.
Unit testing focuses verification effort on the smallest unit of software design, the
module. In this, different modules are tested against the specification produced during
design for the modules.

Integration Testing
The second level of testing is called integration testing. In this, many unit-tested modules
are combined into subsystems, which are then tested. The goal here is to see if the
modules can be integrated properly.

System/Acceptance Testing
Here the entire software system is tested. The reference document for this process is the
requirement document, and the goal is to see if the software meets its requirements.
Acceptance testing is sometimes performed with realistic data of the client to
demonstrate that the software is working satisfactorily. Testing here focuses on the external
behavior of the system.

6.2 Sample test cases


The system is tested using a number of test cases; the important ones are listed below. The
test description explains what type of test is done. The expected result is noted prior to
testing and compared with the observed result for the test case. If the expected and observed
values match, the test is marked as a pass; otherwise it is marked as a fail.
The test cases are prepared before we start the process of testing, so that we test our
application extensively and make sure all possibilities are covered. Here is a list of test cases for
our project, which depict the functionality that has been implemented and tested correctly.
Testing is done at various stages in the system design and implementation process with the
objective of developing a transparent, flexible and secure system.

Unit Testing
The unit testing conducted during this phase involved testing of each module individually.

| Test case ID | Test case name | Test case description | Test steps: Step | I/p given | Expected o/p | Actual o/p |
|---|---|---|---|---|---|---|
| TC01 | Attribute registration | Register no of attributes | Enter no of attributes and name of the attribute | Name of the attribute and select the sector | Successful registration of attribute information | Successful registration of attribute information |
| TC02 | Cloud registration | Register no of cloud servers | Enter Cloud name and IP address | New name of the cloud and IP address of the cloud | Successful registration of cloud information | Successful registration of cloud information |
| TC03 | User Registration | Register the user | Enter the name, IP address, attribute and sector | Name, IP address, Attribute name and sector name | Successful registration of user information | Successful registration of user information |
| TC04 | Owner uploading the file | Upload of DATA | Select the file to be send, Generate key and upload to cloud | File, Secret key | Successful uploading of encrypted data to cloud server | Successful uploading of encrypted data to cloud server |
| TC05 | Operations on cloud | View and delete a file from cloud | Select the file to be deleted or viewed | Encrypted file | Successful deletion or view of file | Successful deletion or view of file |
| TC06 | User Interaction | User can download data from cloud | Select the owner, cloud server, File name | Owner name, cloud server name and file name | Request for Secret key | Request for secret key |
| TC07 | Secret key permission | User will request for secret key and owner will give permission | User should send a request for secret key and owner will check the users list and then send the secret key | Users list | Permission granted | Permission granted |
| TC08 | Generate Token | Using secret key, generate token | Generate token | Secret key and public key | Token generated successfully | Token generated successfully |
| TC09 | Decrypt the data | Decrypt the encrypted data downloaded from the cloud server | Using token, Global private key and secret key of owner, decrypt the data | Token generated, Global private key and owner secret key | File decryption successful | File decryption successful |


References
[1] P. Mell and T. Grance, "The NIST definition of cloud computing," National Institute of
Standards and Technology, Tech. Rep., 2009.

[2] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute based encryption," in
Proceedings of the 2007 IEEE Symposium on Security and Privacy (S&P'07). IEEE Computer
Society, 2007, pp. 321-334.
[3] B. Waters, "Ciphertext-policy attribute-based encryption: An expressive, efficient, and
provably secure realization," in Proceedings of the 4th International Conference on Practice and
Theory in Public Key Cryptography (PKC'11). Springer, 2011, pp. 53-70.
[4] V. Goyal, A. Jain, O. Pandey, and A. Sahai, "Bounded ciphertext policy attribute based
encryption," in Proceedings of the 35th International Colloquium on Automata, Languages and
Programming (ICALP'08). Springer, 2008, pp. 579-591.
[5] R. Ostrovsky, A. Sahai, and B. Waters, "Attribute-based encryption with non-monotonic
access structures," in Proceedings of the 14th ACM Conference on Computer and
Communications Security (CCS'07). ACM, 2007, pp. 195-203.
[6] A. B. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, "Fully secure functional
encryption: Attribute-based encryption and (hierarchical) inner product encryption," in
Proceedings of the 29th Annual International Conference on the Theory and Applications of
Cryptographic Techniques: Advances in Cryptology - EUROCRYPT'10. Springer, 2010,
pp. 62-91.
[7] M. Chase, "Multi-authority attribute based encryption," in Proceedings of the 4th Theory of
Cryptography Conference on Theory of Cryptography (TCC'07). Springer, 2007, pp. 515-534.
[8] S. Muller, S. Katzenbeisser, and C. Eckert, "Distributed attribute-based encryption," in
Proceedings of the 11th International Conference on Information Security and Cryptology
(ICISC'08). Springer, 2008, pp. 20-36.
[9] M. Chase and S. S. M. Chow, "Improving privacy and security in multi-authority
attribute-based encryption," in Proceedings of the 16th ACM Conference on Computer and
Communications Security (CCS'09). ACM, 2009, pp. 121-130.
[10] A. B. Lewko and B. Waters, "Decentralizing attribute-based encryption," in Proceedings of
the 30th Annual International Conference on the Theory and Applications of Cryptographic
Techniques: Advances in Cryptology - EUROCRYPT'11. Springer, 2011, pp. 568-588.
[11] A. Shamir, "Identity-based cryptosystems and signature schemes," in Proceedings of the 4th
Annual International Cryptology Conference: Advances in Cryptology - CRYPTO'84. Springer,
1984, pp. 47-53.
[12] D. Boneh and M. K. Franklin, "Identity-based encryption from the Weil pairing," in
Proceedings of the 21st Annual International Cryptology Conference: Advances in Cryptology -
CRYPTO'01. Springer, 2001, pp. 213-229.
[13] C. Cocks, "An identity based encryption scheme based on quadratic residues," in
Proceedings of the 8th IMA International Conference on Cryptography and Coding. Springer,
2001, pp. 360-363.
[14] M. Green, S. Hohenberger, and B. Waters, "Outsourcing the decryption of ABE ciphertexts,"
in Proceedings of the 20th USENIX Security Symposium. USENIX Association, 2011.
[15] J. Hur and D. K. Noh, "Attribute-based access control with efficient revocation in data
outsourcing systems," IEEE Trans. Parallel Distrib. Syst., vol. 22, no. 7, pp. 1214-1221, 2011.
[16] S. Ruj, A. Nayak, and I. Stojmenovic, "DACC: Distributed Access Control in Clouds," in
Proceeding of the 10th IEEE International Conference on Trust, Security and Privacy in
Computing and Communications (TrustCom'11). IEEE, 2011, pp. 91-98.
[17] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, "Plutus: Scalable secure file
sharing on untrusted storage," in Proceedings of the 2nd USENIX Conference on File and
Storage Technologies (FAST'03). USENIX, 2003.

[18] E.-J. Goh, H. Shacham, N. Modadugu, and D. Boneh, "Sirius: Securing remote untrusted
storage," in Proceedings of the Network and Distributed System Security Symposium
(NDSS'03). The Internet Society, 2003.
[19] D. Naor, M. Naor, and J. Lotspiech, "Revocation and tracing schemes for stateless
receivers," Electronic Colloquium on Computational Complexity (ECCC), no. 043, 2002.
[20] J. Benaloh, M. Chase, E. Horvitz, and K. Lauter, "Patient controlled encryption: ensuring
privacy of electronic medical records," in Proceedings of the first ACM Cloud Computing
Security Workshop (CCSW'09). ACM, 2009, pp. 103-114.
[21] C. Dong, G. Russello, and N. Dulay, "Shared and searchable encrypted data for untrusted
servers," Journal of Computer Security, vol. 19, no. 3, pp. 367-397, 2011.
[22] E. Damiani, S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati,
"Key management for multi-user encrypted databases," in Proceedings of the 2005 ACM
Workshop On Storage Security And Survivability (StorageSS'05). ACM, 2005, pp. 74-83.
[23] W. Wang, Z. Li, R. Owens, and B. K. Bhargava, "Secure and efficient access to outsourced
data," in Proceedings of the first ACM Cloud Computing Security Workshop (CCSW'09).
ACM, 2009, pp. 55-66.
[24] A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Proceedings of the 24th
Annual International Conference on the Theory and Applications of Cryptographic Techniques:
Advances in Cryptology - EUROCRYPT'05. Springer, 2005, pp. 457-473.
[25] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained
access control of encrypted data," in Proceedings of the 13th ACM Conference on Computer and
Communications Security (CCS'06). ACM, 2006, pp. 89-98.

[26] S. Yu, C. Wang, K. Ren, and W. Lou, "Attribute based data sharing with attribute
revocation," in Proceedings of the 5th ACM Symposium on Information, Computer and
Communications Security (ASIACCS'10). ACM, 2010, pp. 261-270.
[27] S. Jahid, P. Mittal, and N. Borisov, "Easier: encryption-based access control in social
networks with efficient revocation," in Proceedings of the 6th ACM Symposium on Information,
Computer and Communications Security (ASIACCS'11). ACM, 2011, pp. 411-415.
[28] H. Lin, Z. Cao, X. Liang, and J. Shao, "Secure threshold multi authority attribute based
encryption without a central authority," Inf. Sci., vol. 180, no. 13, pp. 2618-2632, 2010.
[29] J. Li, Q. Huang, X. Chen, S. S. M. Chow, D. S. Wong, and D. Xie, "Multi-authority
ciphertext-policy attribute-based encryption with accountability," in Proceedings of the 6th ACM
Symposium on Information, Computer and Communications Security (ASIACCS'11). ACM,
2011, pp. 386-390.
[30] M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou, "Scalable and secure sharing of personal health
records in cloud computing using attribute-based encryption," IEEE Transactions on Parallel and
Distributed Systems, 2012.
[31] Abdul Raouf Khan, "Access Control In Cloud Computing Environment," Proc. ARPN
Journal of Engineering and Applied Sciences, Vol. 7, No. 5, May 2012. ISSN 1819-6608.
[32] Xiaohui Liang, Rongxing Lu, Xiaodong Lin, and Xuemin (Sherman) Shen, "Ciphertext
Policy Attribute Based Encryption with Efficient Revocation."
[33] Matthew Green, Susan Hohenberger, Brent Waters, "Outsourcing the Decryption of ABE
Ciphertexts."

[34] Junbeom Hur (4101 Siebel Center, Univ. of Illinois at Urbana-Champaign, Urbana, IL,
USA) and Dong Kun Noh, "Attribute-Based Access Control with Efficient Revocation in Data
Outsourcing Systems."
[35] Yong Cheng, Zhi-ying Wang, Jun Ma, Jiang-jiang Wu, Song-zhu Mei, Jiang-chun Ren,
"Efficient revocation in ciphertext-policy attribute-based encryption based cryptographic cloud
storage."
